Trusted computing technology can provide trustworthy state and corresponding verification method for cloud infrastructure.The first step of building trusted computing architecture is to build root of trust.The problem of building root of trust for report was not well solved in virtual trusted computing platform because of the differences between virtual machine and ordinary host.No universal and proven solution was developed,which affects the application of trusted computing technology,such as attestation in cloud environment.In this paper,by analyzing related works,it was concluded that the independent identity based on asymmetric key for each VM as well as protected and migratable storage of sensitive data such as platform configuration register (PCR) value and keys used in a VM were all required for constructing trusted computing architecture in cloud infrastructure.Furthermore,the integrity state of a VM reported with PCR should consist of both the physical PCR value emerged from physical booting procedure and virtual PCR value recording VM software boot procedure.With assumption of centralized and virtualization/non-virtualization unified trusted computing platform management,a model of building root of trust for report with virtual attestation identity key (AIK) as a virtual machine's identity was proposed.It can maintain a set of individual virtual and physical combined PCR values for each VM.Then the verification procedure of virtual trusted computing platform to identify itself with VAIK and report its unique integrity state with VPCR to verifiers including attestation challenger were proposed to support this model.At last,it was compared with TCG specification's method from several different management dimensions.Our model can build unambiguous identity for each VM.Meanwhile it can reduce complexity of verification procedure of VM and keep the compatibility of ordinary AIK verification mechanism.
